search: check for null bytes before querying #9473
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[PostgreSQL has an unusual definition of `UTF8` that doesn't allow for null bytes][null-bytes], even though they are technically valid UTF-8 by any other definition (including Rust's `str` type). Sending a crate search request that includes a null byte will eventually result in a database error anyway, but let's save Sentry the trouble and just 400 out early. Fixes rust-lang#9444. [null-bytes]: https://www.commandprompt.com/blog/null-characters-workarounds-arent-good-enough/
Turbo87
reviewed
Sep 19, 2024
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #9473 +/- ##
==========================================
+ Coverage 89.09% 89.10% +0.01%
==========================================
Files 286 286
Lines 29035 29039 +4
==========================================
+ Hits 25868 25875 +7
+ Misses 3167 3164 -3 ☔ View full report in Codecov by Sentry. |
eth3lbert
reviewed
Sep 19, 2024
Comment on lines
+58
to
+64
| let option_param = |s| match params.get(s).map(|v| v.as_str()) { | ||
| Some(v) if v.contains('\0') => Err(bad_request(format!( | ||
| "parameter {s} cannot contain a null byte" | ||
| ))), | ||
| Some(v) => Ok(Some(v)), | ||
| None => Ok(None), | ||
| }; |
There was a problem hiding this comment.
Is it okay to simply write it as:
Suggested change
| let option_param = |s| match params.get(s).map(|v| v.as_str()) { | |
| Some(v) if v.contains('\0') => Err(bad_request(format!( | |
| "parameter {s} cannot contain a null byte" | |
| ))), | |
| Some(v) => Ok(Some(v)), | |
| None => Ok(None), | |
| }; | |
| let option_param = |s| match params.get(s).map(|v| v.as_str()) { | |
| Some(v) if v.contains('\0') => Err(bad_request(format!( | |
| "parameter {s} cannot contain a null byte" | |
| ))), | |
| v @ _ => Ok(v), // or just v => Ok(v) | |
| }; |
Or will it be more difficult to read in this way?
There was a problem hiding this comment.
I'll treat this comment as non-blocking. up to Adam whether he wants to pull this into a follow-up PR :)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PostgreSQL has an unusual definition of
UTF8that doesn't allow for null bytes, even though they are technically valid UTF-8 by any other definition (including Rust'sstrtype). Sending a crate search request that includes a null byte will eventually result in a database error anyway, but let's save Sentry the trouble and just 400 out early.I did a quick audit of other places that we use query parameters and don't see any other code paths where we use a string directly as a query parameter, but I won't pretend this was a super detailed survey. (Fun fact: I can actually see the power usage for my laptop increase on my fancy new charger when I hit "show references" on the
querymethod inRequestUtils.)Fixes #9444.